From b57a22ff407cdcc0bdc18ec77de87ca9a7bfed31 Mon Sep 17 00:00:00 2001 From: Anurag Date: Sun, 1 Jan 2023 22:52:15 +0530 Subject: [PATCH 1/3] add verbose flag for karmor probe Signed-off-by: Anurag --- cmd/probe.go | 15 ++++++++++++--- probe/probe.go | 11 +++++++++++ 2 files changed, 23 insertions(+), 3 deletions(-) diff --git a/cmd/probe.go b/cmd/probe.go index 1278ee87..c5787877 100644 --- a/cmd/probe.go +++ b/cmd/probe.go @@ -8,6 +8,8 @@ import ( "github.com/spf13/cobra" ) +var verbose bool + var probeInstallOptions probe.Options // probeCmd represents the get command @@ -22,16 +24,23 @@ and what KubeArmor features will be supported e.g: observability, enforcement, e If KubeArmor is running, It probes which environment KubeArmor is running on (e.g: systemd mode, kubernetes etc.), the supported KubeArmor features in the environment, the pods being handled by KubeArmor and the policies running on each of these pods`, RunE: func(cmd *cobra.Command, args []string) error { - if err := probe.PrintProbeResult(client, probeInstallOptions); err != nil { - return err + if !verbose { + err := probe.PrintAnnotatedPods(client, probeInstallOptions) + if err != nil { + return err + } + } else { + if err := probe.PrintProbeResult(client, probeInstallOptions); err != nil { + return err + } } return nil - }, } func init() { rootCmd.AddCommand(probeCmd) + probeCmd.Flags().BoolVarP(&verbose, "verbose", "v", false, "print verbose output of karmor probe") probeCmd.Flags().StringVarP(&probeInstallOptions.Namespace, "namespace", "n", "kube-system", "Namespace for resources") probeCmd.Flags().BoolVar(&probeInstallOptions.Full, "full", false, `If KubeArmor is not running, it deploys a daemonset to have access to more information on KubeArmor support in the environment and deletes daemonset after probing`) diff --git a/probe/probe.go b/probe/probe.go index 71ec6750..523e74ce 100644 --- a/probe/probe.go +++ b/probe/probe.go @@ -70,6 +70,17 @@ func probeDaemonUninstaller(c *k8s.Client, o Options) error { return nil } +// only annotated pods and corresponding policies +func PrintAnnotatedPods(c *k8s.Client, o Options) error { + if isKubeArmorRunning(c, o) { + err := getAnnotatedPods(c) + if err != nil { + log.Println("error occured when getting annotated pods", err) + } + } + return nil +} + // PrintProbeResult prints the result for the host and k8s probing kArmor does to check compatibility with KubeArmor func PrintProbeResult(c *k8s.Client, o Options) error { if runtime.GOOS != "linux" { From 4a93845b5cf438cb15f1261379db6c4c67f29dbb Mon Sep 17 00:00:00 2001 From: Anurag <81210977+kranurag7@users.noreply.github.com> Date: Sat, 28 Jan 2023 20:54:04 +0530 Subject: [PATCH 2/3] Update probe/probe.go Co-authored-by: Rahul Jadhav --- probe/probe.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/probe/probe.go b/probe/probe.go index 523e74ce..ad0215af 100644 --- a/probe/probe.go +++ b/probe/probe.go @@ -70,7 +70,7 @@ func probeDaemonUninstaller(c *k8s.Client, o Options) error { return nil } -// only annotated pods and corresponding policies +// PrintAnnotatedPods only annotated pods and corresponding policies func PrintAnnotatedPods(c *k8s.Client, o Options) error { if isKubeArmorRunning(c, o) { err := getAnnotatedPods(c) From 3401175149140d15148e815ef38929ad40df83f2 Mon Sep 17 00:00:00 2001 From: Anurag <81210977+kranurag7@users.noreply.github.com> Date: Sat, 28 Jan 2023 20:54:10 +0530 Subject: [PATCH 3/3] Update cmd/probe.go Co-authored-by: Rahul Jadhav --- cmd/probe.go | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/cmd/probe.go b/cmd/probe.go index c5787877..90d50142 100644 --- a/cmd/probe.go +++ b/cmd/probe.go @@ -25,16 +25,9 @@ If KubeArmor is running, It probes which environment KubeArmor is running on (e. the supported KubeArmor features in the environment, the pods being handled by KubeArmor and the policies running on each of these pods`, RunE: func(cmd *cobra.Command, args []string) error { if !verbose { - err := probe.PrintAnnotatedPods(client, probeInstallOptions) - if err != nil { - return err - } - } else { - if err := probe.PrintProbeResult(client, probeInstallOptions); err != nil { - return err - } + return probe.PrintAnnotatedPods(client, probeInstallOptions) } - return nil + return probe.PrintProbeResult(client, probeInstallOptions); err != nil { }, }